Rootconf is HasGeek’s annual conference -- and now a growing community -- around DevOps, systems engineering, DevSecOps, security and cloud. The annual Rootconf conference takes place in May each year, with the exception of 2019 when the conference will be held in June.
Besides the annual conference, we also run meetups, one-off public lectures, debates and open houses on DevOps, systems engineering, distributed systems, legacy infrastructure, and topics related to Rootconf.
This is the place to submit proposals for your work, and get them peer reviewed by practitioners from the community.
##Topics for submission:
We seek proposals -- for short and long talks, as well as workshops and tutorials -- on the following topics:
- Case studies of shift from batch processing to stream processing
- Real-life examples of service discovery
- Case studies on move from monolith to service-oriented architecture
- Network security
- Monitoring, logging and alerting -- running small-scale and large-scale systems
- Cloud architecture -- implementations and lessons learned
- Optimizing infrastructure
- Immutable infrastructure
- Aligning people and teams with infrastructure at scale
- Security for infrastructure
If you have questions/queries, write to us on firstname.lastname@example.org
ANTIVIRUS BYPASSING FOR FUN AND PROFIT
Why This Presentation?
Everyone uses Antivirus systems and believes in them to protect us against cyber threats. Antivirus systems are very important to us. They stand as the major protection mechanism for our computers and confidential data.
But how often do we test these systems for their capabilities?
Almost never as these Antivirus systems are sold only based on market/industry reputation and the security staff almost never test them for their capability. If you look from a penetration tester’s point of view, then fooling the Antivirus systems is
quiet easy and not more than a weekend job.
It took me a weekend of research and evades 57 Antivirus Engines. Bypassing Antivirus vendors is common task for malware authors.
This presentation is to motivate the Antivirus vendors and to make them aware of techniques used by malware coders to bypass their Systems. Also this is to motivate the IT security architects to not rely completely on the Antivirus engines to protect the end user.
What will I be presenting?
I will be taking the most well known and well detected shellcode from Metasploit framework:
And use my tricks/techniques to bypass the Antivirus engines. The shellcode will remain the same but the way I execute it will change. Simply fooling the Antivirus Engines and bypassing it.
I will be using VirusTotal website to test the signature based malware detection. It has about 52 Antivirus engines to test the malware for Detection. Further I will be testing the detection for 3 Antivirus engines running on virtual machines to show Heuristics/behavioural evasion and Firewall bypass by the malware.
I will be bypassing Antivirus engines and their Detection mechanisms (Hash based detections, Signature based Detection, firewalls, Heuristics and sandbox analysis)
This presentation will be with a plenty of Live Demo. So look closely.
TECHNIQUES TO BYPASS ANTIVIRUS ENGINES
ATTEMPT 0 : USING THE METASPLOIT GENERATED EXE TEMPLATE (METASPLOIT-SIMPLE-PAYLOAD.EXE)
ATTEMPT 1: USING A CUSTOM CODE TEMPLATE TO EXECUTE THE SHELLCODE (CUSTOM1.EXE)
ATTEMPT 2 : FINDING LOOPHOLES IN THE VIRTUALIZATION SYSTEM OF THE ANTIVIRUS ENGINES TO EXECUTE THE SHELLCODE(VIRT_BY_REV.EXE)
ATTEMPT 3: ENCRYPTING THE SHELLCODE(CUSTOMENC.EXE) AND ADDING SLEEP CALLS AND NOPS TO EVADE EMULATORS (CUSTOMENCSL.EXE)
ATTEMPT 4: ADDING NOP’S AND HEX EDITING (ENCODNP_XR.EXE) WITHOUT ANY FUNCTIONALITY LOSS
ATTEMPT 5 : CODE INJECTION (REMOTE_XOR_NETSTAT_GETPROC_SLEEP.EXE)
ATTEMPT 6: GHOST-WRITING AND USING METAMORPHIC CODE TO BYPASS ANTIVIRUS AND HEURISTIC DETECTION (FINAL.EXE)
IMP: There will be lots of Live Demo’s for every step of Antivirus Bypassing
Cyber Security Speaker | Consultant | Researcher | Trainer | Instructor | Mentor |
Vanshit Malhotra has bean a Cyber Security Researcher for more than 8 years and possess knowledge in all aspects of IT security testing and implementation with expertise in solution building for large organisations, managing cross-cultural teams and planning & execution of security needs beyond national boundaries. He is a cyber security Specialist, passionate about hacking, more for the intellectual challenge, curiosity & adventure.
Vanshit Malhotra has been an Investigator of Industrial Espionage, Insider Threats and numerous Cyber Crimes. He has also authored numerous published research papers, articles and blogs. He is a sought after public Speaker and Cyber Security Researcher, presenting his research at many international security conferences such as “HACKON-2016”, “HACKTECH 2017”, "National Cyber Safety and Security Standards (NCDRC) 2017”, “c0c0n X 2017”, ”HAKON 2017”, “OWASP Seasides 2019”.
In his current profile, he leads team super specialists in cyber security to protect various clients from Cyber Security threats and network intrusion by providing necessary solutions and services to institutions and organisations.